qakbot | b0e0fd10ab854a82500bae0d29f6d7cae17427139af13687158eb5440fef920a

General

Target

LN12.vhd
Size

2.0MB
Sample

221207-x1drqafg49
MD5

a6e47f726a625c3e09ed004dde0e5f05
SHA1

9ee4e5431d8ba522ba7317ddda605cc910cd1c6e
SHA256

b0e0fd10ab854a82500bae0d29f6d7cae17427139af13687158eb5440fef920a
SHA512

a882665f7a542f61cfb2918c012366f493547c21d17d0092689a6dafe355190eb7d639b5b21b761472636212d707a9a60b32075baff472da35679c77599a7bb8
SSDEEP

12288:M6DdnMpn8G739YoRmwZBY9bk8OlBf07A4QDXSAIdQFFF7:M6DdnMp8qFR7tVlDXScn

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

obama226

Campaign

1670237875

C2

76.100.159.250:443

66.191.69.18:995

186.64.67.9:443

50.90.249.161:443

109.150.179.158:2222

92.149.205.238:2222

86.165.15.180:2222

41.44.19.36:995

78.17.157.5:443

173.18.126.3:443

75.99.125.235:2222

172.90.139.138:2222

27.99.45.237:2222

91.68.227.219:443

12.172.173.82:993

103.144.201.62:2078

12.172.173.82:990

173.239.94.212:443

91.169.12.198:32100

24.64.114.59:2222

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  Ref.lnk
- Size
  
  1KB
- MD5
  
  14ea31de3928c83dc8b8aec92a8a2cfd
- SHA1
  
  ec28d62a2f57db722529d9be405071f0487c586e
- SHA256
  
  74f8f7d95f369950e111d66ceb897b1deae57f27f96df7110cc4a7c0ba882f85
- SHA512
  
  5853016ae5c719592c22ab42411e8b334a0db4b4daf446a8b74d568d74b2d67f238a12328907837a9455b4160d8e179fd1343e25c8c13db89bab99ab2707b60b
Score

10^/10

qakbot obama226 1670237875 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  spunky/brought.cmd
- Size
  
  305B
- MD5
  
  1bb3a1fc96a2bad3fa69372460f285bc
- SHA1
  
  4c862f0151f07d46d5782e3b58bc2949eedf6d88
- SHA256
  
  abb4ae437ea41ea811af514234c49865c7127780698d5c70f5400cc9eb92f1cc
- SHA512
  
  6328a6f3240d6e31bfb596a6de7e42011b8f0a15bff10cf7ff342570fd3b6cc9b43c53603c271838c0509e4c538f0f554f8a6e811c08f60e728c518bac2f52db
Score

1^/10
behavioral3 behavioral4
- Target
  
  spunky/km.tmp
- Size
  
  596KB
- MD5
  
  9c24f120fff6d062785eb6cf2053fd8e
- SHA1
  
  43b8afdd6e903d936df03ef50b22d75dadf47c89
- SHA256
  
  b1eb78b9c829bd1fc372220e35f7376cbd203de6956f857cd74223c806870070
- SHA512
  
  bd024eac873067af068462be9d5081ca30e7e8c118f586585cd5d02e57cb9b37a1f1b2df1527405cdab687f9990e6b1886a63e40e6eededf01e843958767cf7e
- SSDEEP
  
  12288:4n8G739YoRmwZBY9bk8OlBf07A4QDXSAIdQFFF7:48qFR7tVlDXScn
Score

3^/10
behavioral5 behavioral6
- Target
  
  spunky/lashings.cmd
- Size
  
  217B
- MD5
  
  6d9c3e56cc07598a24b0e5c2b477537f
- SHA1
  
  aa91380ae644d085ec6ea557b85a1163000a94d1
- SHA256
  
  b0c641d6576420b330831eff0fb0fa1f82299afc3e80af3641e7d0221f76f609
- SHA512
  
  5723cb8a4a13b1e59ac5b3fb71345faa8366b60b26586cd8a33f1692cbd18b891dfd2e35734085a5f0908a98efec9c15673212ad1a2c0d3edb344b161eba1e58
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8